Author: KingoftheAges, Posted: Wed Nov 08, 2006 6:53 pm
Post subject: Vulnerability Scan Engine Configuration and Maintenance?

Recently I've inherited scanning responsibilities for a large multinational corporation. These scans will be used in conjunction with the risk assessment team, so this isn't really about risk management, more so about configuration and care of the scan engine.

I've been tasked with developing an overall strategy for scanning and am seeking advice from other security professionals about general concepts and ideas. For example:

1. Scan in one large swath or break each business unit down?

2. What's your process for identifying if new vulnerabilities should be included in your scan?

3. Credentialed scans versus noncredentialed scans? Not all of our workstations and servers have the same admin credentials, resulting in inaccurate results.

4. Process for developing and testing new scan signatures?

Any input would be greatly appreciated or even a point in the direction of guidance. Thanks in advance!